On 17/09/2013 02:39, Andy Mabbett wrote:
> [First post here]
>
> Hello,
>
> I'm a contributor to RFC 6350 - but I'm listed there by name only, and
> there is nothing to differentiate me from some other Andy Mabbett (the
> problem is no doubt worse for people with less unusual family names).
> Like many such contributors, I don't want to publish my email address
> as an identifier, in case I get spammed, and if I give an affiliation
> or even the URL of my website, that may change over time.
>
> This problem is addressed by "Open Research Contributor Identifiers"
> (ORCID; <http://orcid.org>), UIDs (and URIs) for scientific and other
> academic authors. Mine is below.
The idea is interesting, but I don't understand the security model.
How do I know that the sender of this message actually has the right
to claim the ORCID in question (0000-0001-5882-6823)? The web page
doesn't present anything (such as a public key) that could be used
for authentication.
Brian
